Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : NLTK vulnerabilities (USN-8302-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8302-1 advisory. It was discovered that NLTK incorrectly validated file paths when opening files...

USN-8302-1 nltk vulnerabilities

It was discovered that NLTK incorrectly validated file paths when opening files using the nltk.util module. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-0846 It was discovered that NLTK incorrectly validated file paths in multiple CorpusReader classes. An...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK [CVE-2026-33236]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK Natural Language Toolkit, caused by a NLTK downloader that does not validate the subdir and id attributes when processing remote XML index files CVE-2026-33236. NLTK is used in our speech runtimes. This...

ROOT-APP-PYPI-CVE-2026-33231 CVE-2026-33231 in rootio-nltk - Patched by Root

Root has patched CVE-2026-33231 in the rootio-nltk package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-33236 CVE-2026-33236 in rootio-nltk - Patched by Root

Root has patched CVE-2026-33236 in the rootio-nltk package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-33230 CVE-2026-33230 in rootio-nltk - Patched by Root

Root has patched CVE-2026-33230 in the rootio-nltk package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-14009 CVE-2025-14009 in rootio-nltk - Patched by Root

Root has patched CVE-2025-14009 in the rootio-nltk package for Root:PyPI. Multiple fixed versions available...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : NLTK vulnerability (USN-8214-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8214-1 advisory. It was discovered that NLTK incorrectly handled file extraction when opening a maliciously...

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses nltk-3.9.1-py3-none-any.whl, mlflow-3.1.0-py3-none-any.whl, and spring-security-web-6.5.7.jar, which are vulnerable to CVE-2025-14009, CVE-2026-2635, CVE-2026-0848, and CVE-2026-22732. This bulletin contains information regarding how to address the vulnerabilities...

📄 NLTK 3.9.2 Path Traversal / File Disclosure

NLTK version 3.9.2 suffers from a path traversal vulnerability that allows for file disclosure. ================================================================================================================================== | Title : NLTK 3.9.2 Path Traversal - File Disclosure Exploit | | Auth...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to code injection in NLTK [CVE-2025-14009]

Summary IBM Watson Speech Services Cartridge is vulnerable to code injection in NLTK, due to an issue in in the NLTK downloader component of nltk/nltk that causes the unzipiter function in nltk/downloader.py to fail to perform path validation or security checks CVE-2025-14009. NLTK is used in our...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.7.0 Vulnerability Details CVEID:CVE-2025-14009 DESCRIPTION: A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in...

Mageia: Security Advisory (MGASA-2026-0082)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2026-0082 Updated python-nltk packages fix security vulnerability

nltk Vulnerable to Cross-site Scripting. CVE-2026-33230...

OPENSUSE-SU-2026:10461-1 python311-nltk-3.9.4-1.1 on GA media

These are all security issues fixed in the python311-nltk-3.9.4-1.1 package on the GA media of openSUSE Tumbleweed...

Security update for python-nltk (important)

openSUSE Security Update: Security update for python-nltk Announcement ID: openSUSE-SU-2026:0098-1 Rating: important References: 1260066 1260067 1260068 Cross-References: CVE-2026-33230 CVE-2026-33231 CVE-2026-33236 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes three...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to XSS (CVE-2026-33230), denial of service (CVE-2026-33231, GHSA-rf74-v2fm-23pw) and path traversal (CVE-2026-33236)

Summary Python module NLTK is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to cross-site scripting CVE-2026-33230, denial of service CVE-2026-3323...

GHSA-RF74-V2FM-23PW vulnerabilities

Vulnerabilities for packages: py3-nltk, kubeflow-pipelines-visualization-server, open-webui...

GHSA-GFWX-W7GR-FVH7 vulnerabilities

Vulnerabilities for packages: py3-nltk, kubeflow-pipelines-visualization-server, open-webui...

CVE-2026-33230 vulnerabilities

Vulnerabilities for packages: py3-nltk, kubeflow-pipelines-visualization-server, open-webui...